Add signing and verification methods based on in-toto statements #193
Conversation
|
@laurentsimon, @font and @mihaimaruseac this is the first part split out from #177 . I started with it because it is a standalone part of the former change. I did not address any comments to make sure nothing is missed. Please be so kind and repost your comments here. |
There was a problem hiding this comment.
@susperius Thanks for splitting this out! I made a first pass and it generally looks really good. I made a few comments. The main one being that I think we should also offer a way to sign and upload to Sigstore's Rekor transparency log using an existing key instead of just the keyless option. What do you think?
susperius
force-pushed
the
main
branch
2 times, most recently
from
d487ac1
to
f638bc3
Compare
susperius
force-pushed
the
main
branch
2 times, most recently
from
03f2a4d
to
af780b1
Compare
Signed-off-by: Martin Sablotny <msablotny@nvidia.com>
|
@mihaimaruseac and @laurentsimon what tooling do you use to create/update the requirement (lock) files? |
We have a GitHub action: https://github.com/sigstore/model-transparency/actions/workflows/pin_deps.yml It can be manually triggered and the target branch could be set to a PR branch, but I have not tested it. |
|
@mihaimaruseac what's the way forward with this pull request? |
|
Hmm, let me check a couple of things. I'd like to have either this or the manifest progress by Wednesday meeting |
Let's go with this one first, the manifest work seems to need more time :(. Can you rebase this back on |
Done |
susperius
force-pushed
the
main
branch
3 times, most recently
from
57e6316
to
0e0886a
Compare
license gitignore newline add dependencies Signed-off-by: Martin Sablotny <msablotny@nvidia.com> deps
|
@mihaimaruseac friendly ping |
|
Sorry, been ~OOO for the past 1.5 weeks. Hmm, there's a unit test failure, a module not found error. I'm ok with the PR, leaving to @laurentsimon for final review. |
Signed-off-by: Martin Sablotny <msablotny@nvidia.com>
No worries! Hope I fixed the deps issue. |
|
This is weird, we should not list the same dependency twice. Did you upgrade the frozen deps files? |
I was surprised too. (AFAIU it's not possible for me to fix the deps since I'd need a system each don't I?) |
|
I cannot run it on your fork repo. In your fork, you need to go to the "Pin dependencies" action (https://github.com/susperius/model-transparency/actions/workflows/pin_deps.yml) and trigger one run. It will create a PR on your fork against your main branch, merge that and then this will automatically update. But before you do that, you'll have to remove it from the duplicate |
Ah ok, thanks! |
Signed-off-by: Martin Sablotny <msablotny@nvidia.com>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Update frozen python dependencies
Signed-off-by: Martin Sablotny <susperius@gmail.com>
Signed-off-by: Martin Sablotny <susperius@gmail.com>
There was a problem hiding this comment.
We can merge this PR and make generalize / update the code w.r.t manifest / raw signers in follow-up PRs.
Thanks @susperius again!
Signed-off-by: Martin Sablotny <msablotny@nvidia.com>
This PR adds functionality to sign and verify models with Sigstore, "Bring Your Own Key" and "Bring Your Own PKI".
The signing part expects an in-toto statements and returns a signed sigstore bundle with the appropriate verification material added.
The verification part takes a sigstore bundle as input and verifies the signature over the DSSE envelope payload.
This PR is split out from #177 .